Add IPv6 support for private peering using Azure CLI
This article describes how to add IPv6 support to connect via ExpressRoute to your resources in Azure using Azure CLI.
- Review the prerequisites and workflows before you begin configuration.
- An Azure account with an active subscription. Create an account for free.
- Install the latest version of the CLI commands (2.0 or later). For information about installing the CLI commands, see Install the Azure CLI and Get Started with Azure CLI.
Azure Cloud Shell
Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. You can use either Bash or PowerShell with Cloud Shell to work with Azure services. You can use the Cloud Shell preinstalled commands to run the code in this article, without having to install anything on your local environment.
To start Azure Cloud Shell:
|Select Try It in the upper-right corner of a code or command block. Selecting Try It doesn't automatically copy the code or command to Cloud Shell.|
|Go to https://shell.azure.com, or select the Launch Cloud Shell button to open Cloud Shell in your browser.|
|Select the Cloud Shell button on the menu bar at the upper right in the Azure portal.|
To use Azure Cloud Shell:
Start Cloud Shell.
Select the Copy button on a code block (or command block) to copy the code or command.
Paste the code or command into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux, or by selecting Cmd+Shift+V on macOS.
Select Enter to run the code or command.
Add IPv6 Private Peering to your ExpressRoute circuit
Create an ExpressRoute circuit or use an existing circuit. View the circuit details by running the following:
az network express-route show --resource-group "<ExpressRouteResourceGroup>" --name "<MyCircuit>"
View the private peering configuration for the circuit by running the following:
az network express-route peering show -g "<ExpressRouteResourceGroup>" --circuit-name "<MyCircuit>" --name AzurePrivatePeering
Add an IPv6 Private Peering to your existing IPv4 Private Peering configuration. Provide a pair of /126 IPv6 subnets that you own for your primary link and secondary links. From each of these subnets, you will assign the first usable IP address to your router as Microsoft uses the second usable IP for its router.
az network express-route peering update -g "<ExpressRouteResourceGroup>" --circuit-name "<MyCircuit>" --name AzurePrivatePeering --ip-version ipv6 --primary-peer-subnet "<X:X:X:X/126>" --secondary-peer-subnet "<Y:Y:Y:Y/126>"
Update your connection to an existing virtual network
Follow the steps below if you have an existing environment of Azure resources that you would like to use your IPv6 Private Peering with.
Add an IPv6 address space to the virtual network that your ExpressRoute circuit is connected to.
az network vnet update -g "<MyResourceGroup>" -n "<MyVNet>" --address-prefixes "X:X:X:X::/64"
Add IPv6 address space to your gateway subnet. The gateway IPv6 subnet should be /64 or larger.
az network vnet subnet update -g "<MyResourceGroup>" -n "<MySubnet>" -vnet-name "<MyVNet>" --address-prefixes "10.0.0.0/26", "X:X:X:X::/64"
If you have an existing zone-redundant gateway, run the following to enable IPv6 connectivity (note that it may take up to 1 hour for changes to reflect). Otherwise, create the virtual network gateway using any SKU. If you plan to use FastPath, use UltraPerformance or ErGw3AZ (note that this is only available for circuits using ExpressRoute Direct).
az network vnet-gateway update --name "<GatewayName>" --resource-group "<MyResourceGroup>"
If you have an existing gateway that is not zone-redundant (meaning it is Standard, High Performance, or Ultra Performance SKU) and uses a public IP address of Basic SKU, you will need to delete and recreate the gateway using any SKU and a Standard, Static public IP address.
Create a connection to a new virtual network
Follow the steps below if you plan to connect to a new set of Azure resources using your IPv6 Private Peering.
Create a dual-stack virtual network with both IPv4 and IPv6 address space. For more information, see Create a virtual network.
Create the virtual network gateway using any SKU. If you plan to use FastPath, use UltraPerformance or ErGw3AZ (note that this is only available for circuits using ExpressRoute Direct).
While IPv6 support is available for connections to deployments in global Azure regions, it does not support the following use cases:
- Connections to existing ExpressRoute gateways that are not zone-redundant. Note that newly created ExpressRoute gateways of any SKU (both zone-redundant and not) using a Standard, Static IP address can be used for dual-stack ExpressRoute connections
- Global Reach connections between ExpressRoute circuits
- Use of ExpressRoute with virtual WAN
- FastPath with non-ExpressRoute Direct circuits
- FastPath with circuits in the following peering locations: Dubai
- Coexistence with VPN Gateway
To troubleshoot ExpressRoute problems, see the following articles: